I got that one too, gmail didn't mark it as Spam though. The terrible english is of course a dead giveaway.
You'd think for all the effort people put into these kinds of hack attempts, they'd at least find somebody who can write proper english.
Topic: campbx phishing attack? (Read 3433 times)
Yeah, i got the same email. Live detected it as spam. Looks like it's a spoofed email. The campbx.com.co was a dead giveaway
I got the same email this morning. CampBX is in major decline anyway. After my last fiasco with their insanely non-responsive customer service I resolved never to go near the place again.
I just got an email from "CampBX" today.
Obviouisly, campbx.com.co, is a phishing URL. Going to http://whois.co gives me this info:
So, is it safe to still use CampBX? I am a CampBX member. I don't think I had any money in there, but is it safe to go check?
EDIT: The headers of the email were a bit odd, too:
Quote
Hello,
We are making a maintenance on our servers due to a technical problem for
the next 24 hours.
So, as you can see CampBX.com is already offline, you will have to logging
in on the following link:
http://www.campbx.com.co/
It is recommended that you activate your double authenticator before
logging in.
We are sorry for the inconvenience and doing our best to resolve this
problem.
If you have any questions, please contact us at
https://CampBX.com/contact.php or
refer to the FAQ page at https://CampBX.com/faq.php for more information.
Thank you,
CampBX Team
We are making a maintenance on our servers due to a technical problem for
the next 24 hours.
So, as you can see CampBX.com is already offline, you will have to logging
in on the following link:
http://www.campbx.com.co/
It is recommended that you activate your double authenticator before
logging in.
We are sorry for the inconvenience and doing our best to resolve this
problem.
If you have any questions, please contact us at
https://CampBX.com/contact.php or
refer to the FAQ page at https://CampBX.com/faq.php for more information.
Thank you,
CampBX Team
Obviouisly, campbx.com.co, is a phishing URL. Going to http://whois.co gives me this info:
Quote
Domain Name CAMPBX.COM.CO
Domain ID D53300344-CO
Registrar-Reseller Name GANDI SAS
Sponsoring Registrar CCI REG S.A.
Sponsoring Registrar IANA ID 1607
Registrar URL (registration services) http://my.co
Domain Status clientTransferProhibited
Registrant ID FL5396-GANDI
Registrant Name FREDERIC LEBOIS
Registrant Organization FREDERIC LEBOIS
Registrant Address1 296 RUE DE VAUGIRARD
Registrant City PARIS
Registrant State/Province 11
Registrant Postal Code 75015
Registrant Country France
Registrant Country Code FR
Registrant Phone Number +33.641450089
Registrant Email [email protected]
Administrative Contact ID FL5396-GANDI
Administrative Contact Name FREDERIC LEBOIS
Administrative Contact Organization FREDERIC LEBOIS
Administrative Contact Address1 296 RUE DE VAUGIRARD
Administrative Contact City PARIS
Administrative Contact State/Province 11
Administrative Contact Postal Code 75015
Administrative Contact Country France
Administrative Contact Country Code FR
Administrative Contact Phone Number +33.641450089
Administrative Contact Email [email protected]
Name Server A.DNS.GANDI.NET
Name Server B.DNS.GANDI.NET
Name Server C.DNS.GANDI.NET
Created by Registrar CCI REG S.A.
Last Updated by Registrar CCI REG S.A.
Domain Registration Date Thu Jan 23 16:46:33 GMT 2014
Domain Expiration Date Thu Jan 22 23:59:59 GMT 2015
Domain Last Updated Date Thu Jan 23 16:46:35 GMT 2014
Domain ID D53300344-CO
Registrar-Reseller Name GANDI SAS
Sponsoring Registrar CCI REG S.A.
Sponsoring Registrar IANA ID 1607
Registrar URL (registration services) http://my.co
Domain Status clientTransferProhibited
Registrant ID FL5396-GANDI
Registrant Name FREDERIC LEBOIS
Registrant Organization FREDERIC LEBOIS
Registrant Address1 296 RUE DE VAUGIRARD
Registrant City PARIS
Registrant State/Province 11
Registrant Postal Code 75015
Registrant Country France
Registrant Country Code FR
Registrant Phone Number +33.641450089
Registrant Email [email protected]
Administrative Contact ID FL5396-GANDI
Administrative Contact Name FREDERIC LEBOIS
Administrative Contact Organization FREDERIC LEBOIS
Administrative Contact Address1 296 RUE DE VAUGIRARD
Administrative Contact City PARIS
Administrative Contact State/Province 11
Administrative Contact Postal Code 75015
Administrative Contact Country France
Administrative Contact Country Code FR
Administrative Contact Phone Number +33.641450089
Administrative Contact Email [email protected]
Name Server A.DNS.GANDI.NET
Name Server B.DNS.GANDI.NET
Name Server C.DNS.GANDI.NET
Created by Registrar CCI REG S.A.
Last Updated by Registrar CCI REG S.A.
Domain Registration Date Thu Jan 23 16:46:33 GMT 2014
Domain Expiration Date Thu Jan 22 23:59:59 GMT 2015
Domain Last Updated Date Thu Jan 23 16:46:35 GMT 2014
So, is it safe to still use CampBX? I am a CampBX member. I don't think I had any money in there, but is it safe to go check?
EDIT: The headers of the email were a bit odd, too:
Quote
Delivered-To: [email protected]
Received: by 10.112.221.131 with SMTP id qe3csp98957lbc;
Fri, 24 Jan 2014 05:13:34 -0800 (PST)
X-Received: by 10.43.60.139 with SMTP id ws11mr10778447icb.12.1390569213105;
Fri, 24 Jan 2014 05:13:33 -0800 (PST)
Return-Path: <[email protected]>
Received: from campbx.com (189-83-59-45.user.veloxzone.com.br. [189.83.59.45])
by mx.google.com with SMTP id 9si3840834igo.72.2014.01.24.05.13.26
for;
Fri, 24 Jan 2014 05:13:33 -0800 (PST)
Received-SPF: fail (google.com: domain of [email protected] does not designate 189.83.59.45 as permitted sender) client-ip=189.83.59.45;
Authentication-Results: mx.google.com;
spf=hardfail (google.com: domain of [email protected] does not designate 189.83.59.45 as permitted sender) [email protected]
Message-ID: <[email protected]>
Date: Fri, 24 Jan 2014 14:13:32 +0100
From: "Nticompass" <[email protected]>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.24) Gecko/20100228 Thunderbird/2.0.0.24
X-Accept-Language: en-us
MIME-Version: 1.0
To: "Webmaster" <[email protected]>
Subject: CampBx Offline
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Received: by 10.112.221.131 with SMTP id qe3csp98957lbc;
Fri, 24 Jan 2014 05:13:34 -0800 (PST)
X-Received: by 10.43.60.139 with SMTP id ws11mr10778447icb.12.1390569213105;
Fri, 24 Jan 2014 05:13:33 -0800 (PST)
Return-Path: <[email protected]>
Received: from campbx.com (189-83-59-45.user.veloxzone.com.br. [189.83.59.45])
by mx.google.com with SMTP id 9si3840834igo.72.2014.01.24.05.13.26
for
Fri, 24 Jan 2014 05:13:33 -0800 (PST)
Received-SPF: fail (google.com: domain of [email protected] does not designate 189.83.59.45 as permitted sender) client-ip=189.83.59.45;
Authentication-Results: mx.google.com;
spf=hardfail (google.com: domain of [email protected] does not designate 189.83.59.45 as permitted sender) [email protected]
Message-ID: <[email protected]>
Date: Fri, 24 Jan 2014 14:13:32 +0100
From: "Nticompass" <[email protected]>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.24) Gecko/20100228 Thunderbird/2.0.0.24
X-Accept-Language: en-us
MIME-Version: 1.0
To: "Webmaster" <[email protected]>
Subject: CampBx Offline
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
I have received that email to an email address which I used _only_ for CampBX.
Same here.
Same here as well. Never having used the email in question elsewhere, I've gotten zero spam of any kind there prior to this. Breach pretty much confirmed.
I have received that email to an email address which I used _only_ for CampBX.
Same here.
After informing CampBX that their customer's data has been compromised, I received that useless reply from CampBX's support:
It is unfortunate that, instead of acknowledging that they might have had an issue, and be plainly transparent about it, their support simply answers ready-made replies that fail to address the critical issue at hand, and seem to deny that there is any serious issue.
As if telling me to be careful where I login would be a solution to the fact that they have leaked my data to fraudsters/scammers!!
Quote
Dear XXXX,
Please do not reply or share your login details to any other trading platforms other than https://campbx.com (and https://testnet.campbx.com) to protect your funds. You may see emails generated from phishing websites like campbx.be and cambx.eu. We are trying to investigate for the same.
Thank you,
CampBX Support
*** Please check the correct domain of CampBX Bitcoin Trading Platform(https://campbx.com) before login into the CampBX to protect your funds from various phishing websites.
Please do not reply or share your login details to any other trading platforms other than https://campbx.com (and https://testnet.campbx.com) to protect your funds. You may see emails generated from phishing websites like campbx.be and cambx.eu. We are trying to investigate for the same.
Thank you,
CampBX Support
*** Please check the correct domain of CampBX Bitcoin Trading Platform(https://campbx.com) before login into the CampBX to protect your funds from various phishing websites.
It is unfortunate that, instead of acknowledging that they might have had an issue, and be plainly transparent about it, their support simply answers ready-made replies that fail to address the critical issue at hand, and seem to deny that there is any serious issue.
As if telling me to be careful where I login would be a solution to the fact that they have leaked my data to fraudsters/scammers!!
I agree. It's exactly like with the withdrawal/deposit delays. They don't want to say anything publicly to make anyone nervous. Sure they will e-mail you with a vague comment but they won't admit anything is going on. Most likely until something goes horribly wrong and they have no choice or get sued.
Have any of you guys that got the phising email (which I assume is pretty much everyone?) ever used their helpdesk/ticket system? I'm curious if emails were leaked from the campbx.kayako.com
I received the phishing email and I never used the help desk system. And I never used that particular email address on any site but campbx.com.
edit: Now that I think of it, Dwolla would know what email address I used with campbx, since I used them to transfer money there. But I haven't heard anything about Dwolla being compromised.
After informing CampBX that their customer's data has been compromised, I received that useless reply from CampBX's support:
It is unfortunate that, instead of acknowledging that they might have had an issue, and be plainly transparent about it, their support simply answers ready-made replies that fail to address the critical issue at hand, and seem to deny that there is any serious issue.
As if telling me to be careful where I login would be a solution to the fact that they have leaked my data to fraudsters/scammers!!
Quote
Dear XXXX,
Please do not reply or share your login details to any other trading platforms other than https://campbx.com (and https://testnet.campbx.com) to protect your funds. You may see emails generated from phishing websites like campbx.be and cambx.eu. We are trying to investigate for the same.
Thank you,
CampBX Support
*** Please check the correct domain of CampBX Bitcoin Trading Platform(https://campbx.com) before login into the CampBX to protect your funds from various phishing websites.
Please do not reply or share your login details to any other trading platforms other than https://campbx.com (and https://testnet.campbx.com) to protect your funds. You may see emails generated from phishing websites like campbx.be and cambx.eu. We are trying to investigate for the same.
Thank you,
CampBX Support
*** Please check the correct domain of CampBX Bitcoin Trading Platform(https://campbx.com) before login into the CampBX to protect your funds from various phishing websites.
It is unfortunate that, instead of acknowledging that they might have had an issue, and be plainly transparent about it, their support simply answers ready-made replies that fail to address the critical issue at hand, and seem to deny that there is any serious issue.
As if telling me to be careful where I login would be a solution to the fact that they have leaked my data to fraudsters/scammers!!
Someone I know got this also. Did CampBX's email list get leaked?
I don't think its campx list. I received the mail too and I never went to that site.
Maybe they are mailing to BTCtalk list?
Have any of you guys that got the phising email (which I assume is pretty much everyone?) ever used their helpdesk/ticket system? I'm curious if emails were leaked from the campbx.kayako.com
Yes on both for me.
Have any of you guys that got the phising email (which I assume is pretty much everyone?) ever used their helpdesk/ticket system? I'm curious if emails were leaked from the campbx.kayako.com
This is unbelievable. Customer data compromised and campbx doesn't say anything? Wtf. Anyone have a response from campbx yet?
Yes. Got one about 2 hours ago. See text below.
Quote
Please do not reply or share your login details to any other trading platforms other than https://campbx.com (and https://testnet.campbx.com) to protect your funds. You may see emails generated from phishing websites like campbx.be and cambx.eu. We are trying to investigate for the same.
So no specifics but we can infer that they're aware of and acknowledge that phishing is going on.
However, there is an important twist to this plot:
I have received that email to an email address which I used _only_ for CampBX. (I use distinct email addresses for distinct services/companies, e.g. "[email protected]" I do that to track the sources of spam, and to block a specific email address when I start receiving spam through it.)
Only me and CampBX knew that this email address existed.
So CampBX customer's email list _was_ compromised.
I can confirm this. I also use a unique email with CampBX, and I got the phishing email too. Customer data is compromised.
This is unbelievable. Customer data compromised and campbx doesn't say anything? Wtf. Anyone have a response from campbx yet?
I did not get anything like this today. Maybe they just haven't worked their way to my e-mail addy yet.
However, there is an important twist to this plot:
I have received that email to an email address which I used _only_ for CampBX. (I use distinct email addresses for distinct services/companies, e.g. "[email protected]" I do that to track the sources of spam, and to block a specific email address when I start receiving spam through it.)
Only me and CampBX knew that this email address existed.
So CampBX customer's email list _was_ compromised.
I can confirm this. I also use a unique email with CampBX, and I got the phishing email too. Customer data is compromised.
Thank God I got my funds out of there recently. I can just see those jerks saying "oh you were hacked, sorry your funds are gone." I mean, why no response yet from CampBX? I'm sure they've received hundreds of complaints.
Got one too! Except from a different email address.
Sent from Daniel ayoder <[email protected]>
Sent from Daniel ayoder <[email protected]>
Quote
Hello,
Following a hack our domain name (campbx. Com) we ask you no more on this
url you connect
Now please you connect you only on http://campbx.eu
Thank you to immediatly checked the balance of your account,
contact us if you suspect withdrawal was made last last 6 hours
Support CampBX
Following a hack our domain name (campbx. Com) we ask you no more on this
url you connect
Now please you connect you only on http://campbx.eu
Thank you to immediatly checked the balance of your account,
contact us if you suspect withdrawal was made last last 6 hours
Support CampBX
However, there is an important twist to this plot:
I have received that email to an email address which I used _only_ for CampBX. (I use distinct email addresses for distinct services/companies, e.g. "[email protected]" I do that to track the sources of spam, and to block a specific email address when I start receiving spam through it.)
Only me and CampBX knew that this email address existed.
So CampBX customer's email list _was_ compromised.
It would be great to have a reply or a statement from CampBX regarding that.
Anyone?
The thick plottens!
I hope this doesn't mean I won't get my BTC back from that black hole.
Edit: found the same email in my spam folder
I submitted a high-priority ticket to their Helpdesk system and linked them to this thread.
I, for one, will not be logging in to CampBX until/unless they provide more information.
Don't get me wrong, they have been a great service in the past for me, no problems ever.
I, for one, will not be logging in to CampBX until/unless they provide more information.
Don't get me wrong, they have been a great service in the past for me, no problems ever.
Jump to: